ApacheCon Europe 2007

[Matt Raible <mr...@gmail.com>]

Roller Developers,

I just thought I'd let y'all know that I'm going to try to speak at
ApacheCon 2007 Europe.  I submitted a few proposals this morning,
including the following 1/2 day tutorial for Roller and Acegi
Security:

<abstract>
Security and Single Sign-on: Roller, Geronimo/LDAP, and Acegi Security
--------------------------------------------------------------------------------
Acegi Security is quickly becoming a widely respected security
framework for Java applications. Not only does this security framework
solve many of the deficiencies of J2EE's security mechanisms, but it's
also easy to implement and configure. This tutorial will help you
learn more about Acegi Security, as well as how to integrate it into
your web applications. The Roller Weblogger project (currently in
Apache's incubator) uses Acegi Security for many of its features:
authentication, password encryption, remember me and SSL switching.
After learning about Roller and Acegi, you will see how to deploy
Roller onto Tomcat and Geronimo. Following that, you will learn how to
hook Roller/Acegi into Apache Directory Server for authentication.
Finally, you will learn how to integrate Roller with a Single Sign-on
System (Yale's Central Authentication Service -
http://www.ja-sig.org/products/cas).

Proposed Agenda:
Hour 1: Introduction to Acegi Security
Hour 2: Introduction to Roller, Installing on Tomcat and Geronimo
Hour 3: Integrating Roller with LDAP (Apache DS) and CAS
</abstract>

I'm interested in finding a flashier title, in case anyone has
suggestions.  Is anyone else planning on attending and/or presenting?
If we have 2+ committers there, we should consider organizing a BOF.

Hope everyone is having a good holiday break!

Matt

-- 
http://raibledesigns.com

Re: ApacheCon Europe 2007

[Pat Patterson <pa...@superpat.com>]

Hi Ian,

You might want to take another look at OpenSSO - it's thriving! We completed
our first phase of code rollout in August -
https://opensso.dev.java.net/servlets/NewsItemView?newsItemID=4039 - all the
code required to build a working access control and single sign-on solution,
and followed it up with all the federation code in November -
https://opensso.dev.java.net/servlets/NewsItemView?newsItemID=4377 -
supporting SAML 1.x, Liberty ID-FF, ID-WSF and SAML 2.0. You can also find
our architecture docs here:
https://opensso.dev.java.net/servlets/ProjectDocumentList?folderID=4019&expandFolder=4019&folderID=4018

Not only are the mailing lists alive (take a look at monthly traffic on the
users@opensso list -
https://opensso.dev.java.net/servlets/SummarizeList?listName=users), we have
committers external to Sun and a web agency in the UK has already built a
solution on OpenSSO and deployed it into production -
http://blogs.sun.com/superpat/entry/audi_uk_using_opensso_to

So - vaporware? Anything but.

As far as OpenID goes, it's orthogonal to OpenSSO. OpenID is an
authentication protocol. OpenSSO is an access control/single
sign-on/federation server. As I mentioned above, OpenSSO already supports
the SAML and ID-FF protocols for cross-domain/federated authentication and
single sign-on, and we are adding WS-Federation soon
(http://blogs.sun.com/superpat/entry/development_in_the_open_opensso). In
fact, one of our committers is looking at adding OpenID support to OpenSSO
right now.

Sorry for the off-topic rambling, but I felt I had to correct the
inaccuracies.

Fair disclosure - I work at Sun. OpenSSO is my day job. So, I'm highly
biased, but, on the other hand, I do know what I'm talking about.

Cheers,

Pat
http://blogs.sun.com/superpat


Ian Kallen-2 wrote:
> 
> AFAICT, OpenSSO is vaporware; it's been months and Sun hasn't released 
> any specs or working code. OTOH OpenID works *now*. Technorati profiles 
> work as identities. For instance, Dave, you can log in to your 
> Technorati account and then use your logged-in status to authenticate on 
> zooomr.com, ma.gnolia.com or wikitravel.com (or any service supporting 
> OpenID 1.1, AFAIK) using http://technorati.com/profile/snoopdave. And 
> blogging platforms that supply URL based identities with OpenID can 
> seamlessly claim their blogs on Technorati (try it: claim a Vox or 
> LiveJournal blog). I'm not sure of the state of the java OpenID 
> implementations, anyone interested in developing comment authentication 
> with OpenID (which I think would be *great*, I hate identity silo 
> proliferation and capthas), I can introduce to the folks at JanRain, 
> they have a lot of working code that's live out in the wild.
> -Ian
> 
> Matt Raible wrote:
>> What about OpenSSO?  I found this discussion, but nothing comparing
>> OpenSSO with OpenID.
>>
>> http://blogs.sun.com/superpat/entry/opensso_it_s_alive_alive
>>
>> Matt
>>
>>
>> On 12/27/06, Dave <sn...@gmail.com> wrote:
>>> Foo. I hit the send button too soon.
>>>
>>> That's a great idea for a talk and I don't think the title is too bad,
>>> it's nice and descriptive. Another SSO option worthy of exploration is
>>> OpenID.
>>>
>>> - Dave
>>>
>>>
>>>
>>> On 12/27/06, Dave <sn...@gmail.com> wrote:
>>> > I'm also planning on submitting papers to ApacheCon EU 2007.
>>> >
>>> > - Dave
>>> >
>>> >
>>> >
>>> > On 12/27/06, Matt Raible <mr...@gmail.com> wrote:
>>> > > Roller Developers,
>>> > >
>>> > > I just thought I'd let y'all know that I'm going to try to speak at
>>> > > ApacheCon 2007 Europe.  I submitted a few proposals this morning,
>>> > > including the following 1/2 day tutorial for Roller and Acegi
>>> > > Security:
>>> > >
>>> > > <abstract>
>>> > > Security and Single Sign-on: Roller, Geronimo/LDAP, and Acegi 
>>> Security
>>> > > 
>>> -------------------------------------------------------------------------------- 
>>>
>>> > > Acegi Security is quickly becoming a widely respected security
>>> > > framework for Java applications. Not only does this security 
>>> framework
>>> > > solve many of the deficiencies of J2EE's security mechanisms, but 
>>> it's
>>> > > also easy to implement and configure. This tutorial will help you
>>> > > learn more about Acegi Security, as well as how to integrate it into
>>> > > your web applications. The Roller Weblogger project (currently in
>>> > > Apache's incubator) uses Acegi Security for many of its features:
>>> > > authentication, password encryption, remember me and SSL switching.
>>> > > After learning about Roller and Acegi, you will see how to deploy
>>> > > Roller onto Tomcat and Geronimo. Following that, you will learn 
>>> how to
>>> > > hook Roller/Acegi into Apache Directory Server for authentication.
>>> > > Finally, you will learn how to integrate Roller with a Single 
>>> Sign-on
>>> > > System (Yale's Central Authentication Service -
>>> > > http://www.ja-sig.org/products/cas).
>>> > >
>>> > > Proposed Agenda:
>>> > > Hour 1: Introduction to Acegi Security
>>> > > Hour 2: Introduction to Roller, Installing on Tomcat and Geronimo
>>> > > Hour 3: Integrating Roller with LDAP (Apache DS) and CAS
>>> > > </abstract>
>>> > >
>>> > > I'm interested in finding a flashier title, in case anyone has
>>> > > suggestions.  Is anyone else planning on attending and/or 
>>> presenting?
>>> > > If we have 2+ committers there, we should consider organizing a BOF.
>>> > >
>>> > > Hope everyone is having a good holiday break!
>>> > >
>>> > > Matt
>>> > >
>>> > > --
>>> > > http://raibledesigns.com
>>> > >
>>> >
>>>
>>
>>
> 
> 
> -- 
> Ian Kallen || Architect, Technorati Inc. || m: 415.505.5208
> blog@ http://www.arachna.com/roller/page/spidaman
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/ApacheCon-Europe-2007-tf2887190s12275.html#a8307391
Sent from the Roller - Dev mailing list archive at Nabble.com.

Re: ApacheCon Europe 2007

[Ian Kallen <ik...@technorati.com>]

AFAICT, OpenSSO is vaporware; it's been months and Sun hasn't released 
any specs or working code. OTOH OpenID works *now*. Technorati profiles 
work as identities. For instance, Dave, you can log in to your 
Technorati account and then use your logged-in status to authenticate on 
zooomr.com, ma.gnolia.com or wikitravel.com (or any service supporting 
OpenID 1.1, AFAIK) using http://technorati.com/profile/snoopdave. And 
blogging platforms that supply URL based identities with OpenID can 
seamlessly claim their blogs on Technorati (try it: claim a Vox or 
LiveJournal blog). I'm not sure of the state of the java OpenID 
implementations, anyone interested in developing comment authentication 
with OpenID (which I think would be *great*, I hate identity silo 
proliferation and capthas), I can introduce to the folks at JanRain, 
they have a lot of working code that's live out in the wild.
-Ian

Matt Raible wrote:
> What about OpenSSO?  I found this discussion, but nothing comparing
> OpenSSO with OpenID.
>
> http://blogs.sun.com/superpat/entry/opensso_it_s_alive_alive
>
> Matt
>
>
> On 12/27/06, Dave <sn...@gmail.com> wrote:
>> Foo. I hit the send button too soon.
>>
>> That's a great idea for a talk and I don't think the title is too bad,
>> it's nice and descriptive. Another SSO option worthy of exploration is
>> OpenID.
>>
>> - Dave
>>
>>
>>
>> On 12/27/06, Dave <sn...@gmail.com> wrote:
>> > I'm also planning on submitting papers to ApacheCon EU 2007.
>> >
>> > - Dave
>> >
>> >
>> >
>> > On 12/27/06, Matt Raible <mr...@gmail.com> wrote:
>> > > Roller Developers,
>> > >
>> > > I just thought I'd let y'all know that I'm going to try to speak at
>> > > ApacheCon 2007 Europe.  I submitted a few proposals this morning,
>> > > including the following 1/2 day tutorial for Roller and Acegi
>> > > Security:
>> > >
>> > > <abstract>
>> > > Security and Single Sign-on: Roller, Geronimo/LDAP, and Acegi 
>> Security
>> > > 
>> -------------------------------------------------------------------------------- 
>>
>> > > Acegi Security is quickly becoming a widely respected security
>> > > framework for Java applications. Not only does this security 
>> framework
>> > > solve many of the deficiencies of J2EE's security mechanisms, but 
>> it's
>> > > also easy to implement and configure. This tutorial will help you
>> > > learn more about Acegi Security, as well as how to integrate it into
>> > > your web applications. The Roller Weblogger project (currently in
>> > > Apache's incubator) uses Acegi Security for many of its features:
>> > > authentication, password encryption, remember me and SSL switching.
>> > > After learning about Roller and Acegi, you will see how to deploy
>> > > Roller onto Tomcat and Geronimo. Following that, you will learn 
>> how to
>> > > hook Roller/Acegi into Apache Directory Server for authentication.
>> > > Finally, you will learn how to integrate Roller with a Single 
>> Sign-on
>> > > System (Yale's Central Authentication Service -
>> > > http://www.ja-sig.org/products/cas).
>> > >
>> > > Proposed Agenda:
>> > > Hour 1: Introduction to Acegi Security
>> > > Hour 2: Introduction to Roller, Installing on Tomcat and Geronimo
>> > > Hour 3: Integrating Roller with LDAP (Apache DS) and CAS
>> > > </abstract>
>> > >
>> > > I'm interested in finding a flashier title, in case anyone has
>> > > suggestions.  Is anyone else planning on attending and/or 
>> presenting?
>> > > If we have 2+ committers there, we should consider organizing a BOF.
>> > >
>> > > Hope everyone is having a good holiday break!
>> > >
>> > > Matt
>> > >
>> > > --
>> > > http://raibledesigns.com
>> > >
>> >
>>
>
>


-- 
Ian Kallen || Architect, Technorati Inc. || m: 415.505.5208
blog@ http://www.arachna.com/roller/page/spidaman

Re: ApacheCon Europe 2007

[Matt Raible <mr...@gmail.com>]

What about OpenSSO?  I found this discussion, but nothing comparing
OpenSSO with OpenID.

http://blogs.sun.com/superpat/entry/opensso_it_s_alive_alive

Matt


On 12/27/06, Dave <sn...@gmail.com> wrote:
> Foo. I hit the send button too soon.
>
> That's a great idea for a talk and I don't think the title is too bad,
> it's nice and descriptive. Another SSO option worthy of exploration is
> OpenID.
>
> - Dave
>
>
>
> On 12/27/06, Dave <sn...@gmail.com> wrote:
> > I'm also planning on submitting papers to ApacheCon EU 2007.
> >
> > - Dave
> >
> >
> >
> > On 12/27/06, Matt Raible <mr...@gmail.com> wrote:
> > > Roller Developers,
> > >
> > > I just thought I'd let y'all know that I'm going to try to speak at
> > > ApacheCon 2007 Europe.  I submitted a few proposals this morning,
> > > including the following 1/2 day tutorial for Roller and Acegi
> > > Security:
> > >
> > > <abstract>
> > > Security and Single Sign-on: Roller, Geronimo/LDAP, and Acegi Security
> > > --------------------------------------------------------------------------------
> > > Acegi Security is quickly becoming a widely respected security
> > > framework for Java applications. Not only does this security framework
> > > solve many of the deficiencies of J2EE's security mechanisms, but it's
> > > also easy to implement and configure. This tutorial will help you
> > > learn more about Acegi Security, as well as how to integrate it into
> > > your web applications. The Roller Weblogger project (currently in
> > > Apache's incubator) uses Acegi Security for many of its features:
> > > authentication, password encryption, remember me and SSL switching.
> > > After learning about Roller and Acegi, you will see how to deploy
> > > Roller onto Tomcat and Geronimo. Following that, you will learn how to
> > > hook Roller/Acegi into Apache Directory Server for authentication.
> > > Finally, you will learn how to integrate Roller with a Single Sign-on
> > > System (Yale's Central Authentication Service -
> > > http://www.ja-sig.org/products/cas).
> > >
> > > Proposed Agenda:
> > > Hour 1: Introduction to Acegi Security
> > > Hour 2: Introduction to Roller, Installing on Tomcat and Geronimo
> > > Hour 3: Integrating Roller with LDAP (Apache DS) and CAS
> > > </abstract>
> > >
> > > I'm interested in finding a flashier title, in case anyone has
> > > suggestions.  Is anyone else planning on attending and/or presenting?
> > > If we have 2+ committers there, we should consider organizing a BOF.
> > >
> > > Hope everyone is having a good holiday break!
> > >
> > > Matt
> > >
> > > --
> > > http://raibledesigns.com
> > >
> >
>


-- 
http://raibledesigns.com

Re: ApacheCon Europe 2007

[Dave <sn...@gmail.com>]

Foo. I hit the send button too soon.

That's a great idea for a talk and I don't think the title is too bad,
it's nice and descriptive. Another SSO option worthy of exploration is
OpenID.

- Dave



On 12/27/06, Dave <sn...@gmail.com> wrote:
> I'm also planning on submitting papers to ApacheCon EU 2007.
>
> - Dave
>
>
>
> On 12/27/06, Matt Raible <mr...@gmail.com> wrote:
> > Roller Developers,
> >
> > I just thought I'd let y'all know that I'm going to try to speak at
> > ApacheCon 2007 Europe.  I submitted a few proposals this morning,
> > including the following 1/2 day tutorial for Roller and Acegi
> > Security:
> >
> > <abstract>
> > Security and Single Sign-on: Roller, Geronimo/LDAP, and Acegi Security
> > --------------------------------------------------------------------------------
> > Acegi Security is quickly becoming a widely respected security
> > framework for Java applications. Not only does this security framework
> > solve many of the deficiencies of J2EE's security mechanisms, but it's
> > also easy to implement and configure. This tutorial will help you
> > learn more about Acegi Security, as well as how to integrate it into
> > your web applications. The Roller Weblogger project (currently in
> > Apache's incubator) uses Acegi Security for many of its features:
> > authentication, password encryption, remember me and SSL switching.
> > After learning about Roller and Acegi, you will see how to deploy
> > Roller onto Tomcat and Geronimo. Following that, you will learn how to
> > hook Roller/Acegi into Apache Directory Server for authentication.
> > Finally, you will learn how to integrate Roller with a Single Sign-on
> > System (Yale's Central Authentication Service -
> > http://www.ja-sig.org/products/cas).
> >
> > Proposed Agenda:
> > Hour 1: Introduction to Acegi Security
> > Hour 2: Introduction to Roller, Installing on Tomcat and Geronimo
> > Hour 3: Integrating Roller with LDAP (Apache DS) and CAS
> > </abstract>
> >
> > I'm interested in finding a flashier title, in case anyone has
> > suggestions.  Is anyone else planning on attending and/or presenting?
> > If we have 2+ committers there, we should consider organizing a BOF.
> >
> > Hope everyone is having a good holiday break!
> >
> > Matt
> >
> > --
> > http://raibledesigns.com
> >
>

Re: ApacheCon Europe 2007

[Dave <sn...@gmail.com>]

I'm also planning on submitting papers to ApacheCon EU 2007.

- Dave



On 12/27/06, Matt Raible <mr...@gmail.com> wrote:
> Roller Developers,
>
> I just thought I'd let y'all know that I'm going to try to speak at
> ApacheCon 2007 Europe.  I submitted a few proposals this morning,
> including the following 1/2 day tutorial for Roller and Acegi
> Security:
>
> <abstract>
> Security and Single Sign-on: Roller, Geronimo/LDAP, and Acegi Security
> --------------------------------------------------------------------------------
> Acegi Security is quickly becoming a widely respected security
> framework for Java applications. Not only does this security framework
> solve many of the deficiencies of J2EE's security mechanisms, but it's
> also easy to implement and configure. This tutorial will help you
> learn more about Acegi Security, as well as how to integrate it into
> your web applications. The Roller Weblogger project (currently in
> Apache's incubator) uses Acegi Security for many of its features:
> authentication, password encryption, remember me and SSL switching.
> After learning about Roller and Acegi, you will see how to deploy
> Roller onto Tomcat and Geronimo. Following that, you will learn how to
> hook Roller/Acegi into Apache Directory Server for authentication.
> Finally, you will learn how to integrate Roller with a Single Sign-on
> System (Yale's Central Authentication Service -
> http://www.ja-sig.org/products/cas).
>
> Proposed Agenda:
> Hour 1: Introduction to Acegi Security
> Hour 2: Introduction to Roller, Installing on Tomcat and Geronimo
> Hour 3: Integrating Roller with LDAP (Apache DS) and CAS
> </abstract>
>
> I'm interested in finding a flashier title, in case anyone has
> suggestions.  Is anyone else planning on attending and/or presenting?
> If we have 2+ committers there, we should consider organizing a BOF.
>
> Hope everyone is having a good holiday break!
>
> Matt
>
> --
> http://raibledesigns.com
>